Commit e194fe8f authored May 28, 2008 by Bodo Möller

From HEAD:

Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)

Reviewed by: openssl-security@openssl.org

Obtained from: mark@awe.com

parent 40a70628

CHANGES

+5 −0

Original line number	Diff line number	Diff line
		@@ -690,6 +690,11 @@

		Changes between 0.9.8g and 0.9.8h [xx XXX xxxx]

		*) Fix flaw if 'Server Key exchange message' is omitted from a TLS
		handshake which could lead to a cilent crash as found using the
		Codenomicon TLS test suite (CVE-2008-1672)
		[Steve Henson, Mark Cox]

		*) Fix double free in TLS server name extensions which could lead to
		a remote crash found by Codenomicon TLS test suite (CVE-2008-0891)
		[Joe Orton]

ssl/s3_clnt.c

+7 −0

Original line number	Diff line number	Diff line
		@@ -2143,6 +2143,13 @@ int ssl3_send_client_key_exchange(SSL *s)
		{
		DH dh_srvr,dh_clnt;

		if (s->session->sess_cert == NULL)
		{
		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
		goto err;
		}

		if (s->session->sess_cert->peer_dh_tmp != NULL)
		dh_srvr=s->session->sess_cert->peer_dh_tmp;
		else